Ahh, it sounds like you're saying that Samba is used server-side only? I don't understand how the client sees anything as a Windows share, if they're accessing by IMAP. Hmmm, I saw an article in Linux Journal a while ago about getting Samba to auto-mount CD image files to live shares on demand, maybe this could be a new content-access mechanism, via IMAP over SSL. Anyway (phew, sorry) I think Cory is spot-on, about Samba, but he has more info and experience than I do.

So IMAP on SSL is safe, although if you REALLY have any SECRETS, you should expect them to "expire" very soon. Depending on what your secrets are, they might already be expired! What I'm saying is that hardware already exists to easily defeat most current SSL, and not just in the hands of our trusty ol' uncle sam... ;^) so 'nuff paranoia, this is real. And if you happen to copy themselves into someone else's view, you ought to expect that tomorrow's CPUs will easily decrypt them.

Now, the majority of the population is not very malicious, or our Open Society would implode, and I'm sure most of you reading this already know all this info -- but what I find in my experience educating people about Free Software and life in the Information Age, is that so many fundamentals are lost... gleaned over. Personally, I feel we all need to take extreme responsibility in how we present things that we call "secure" and "trustworthy" to non-techies and even techie non-security-minded folks.

So it seems that we are seeking a "best practices standard" that we can sort of agree upon. For many folks, that is plain-text access to MSN or Yahoo webmail... which *offer* SSL of sorts for login (although I can't seem to get MSN to work in Linux) and the big deal as I see it is as Cory hints, most systems do not FORCE the secure mode. I think HushMail and another similar service are the only free webmails to do that... why not just use them?
I guess it *is* nice to make some money, I'm available for contract too ( =

Well I for one would like to use our User Groups to help define some best practices, and maybe we can churn out a custom Knoppix that uses those best practices by default, and gives blatant warnings when insecure things are done -- passwords in the clear, etc.

Thanks for your time and processing of these bytes!

Many regards, and keep up the good discovery,

Ben Barrett
http://benb.org

On 18 Jul 2003 11:04:53 -0700 Cooper Stevenson <[EMAIL PROTECTED]> wrote:

| On Fri, 2003-07-18 at 10:17, Cory Petkovsek wrote:
| ...
|....
| > Accessing a samba share across the internet is not secure. Since
| > you mention it may not be behind a firewall, this means samba is
| > available to the internet.
|
| [snip]
|
| I am sorry, but this is not correct. The clients are accessing the share
| through IMAP. I have a server like this running that allows only IMAP,
| SMTP, and HTTP through. Everything happens through port 143.
|
| For added security, install a second NIC pointing to the Intranet and
| route the SMB traffic.
|
| Also please note that all communications are handled via Secure Socket
| Layer (SSL).
|
| [snip]
|
| >
| > If you want remote clients to access samba remotely then freeswan
|
| For full blown access, VPN is unquestionably the best way to go. For
| small and medium sized business travelers who need to be nimble and
| for employees who want a convenient way to access documents from home,
| I recommend this approach.
|
| > This is true, relying on imap/ssl could provide secure remote access
| > without a vpn, however only with imap minus ssl disabled
|
| Right. I simply will configure "plain text" communication for my
| customers. It's a simple thing to just check the SSL box during the
| client's setup.
|
| Best,
| --
| Cooper Stevenson

_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
